2015 Cyber Insurance Market Watch Survey

THE COUNCIL LAUNCHES NEW CYBER INSURANCE MARKET WATCH; SHOWS COVERAGE FOR CYBER RISKS IS EVOLVING BUT U.S. BUSINESS REMAINS MOSTLY UNINSURED

WASHINGTON, D.C.– October 28, 2015 – The average take up rate for cyber insurance is 24 percent across U.S. business, according to results released today from The Council of Insurance Agents & Brokers’ new biannual Cyber Insurance Market Watch Survey. Survey results showed that small and medium-sized businesses still have a mindset that because they are smaller or don’t store personally identifiable information, their business is not likely to experience disruption from a cyber incident.

Despite this educational challenge, the national spotlight on cybersecurity is driving insurance purchases for existing buyers across all sized businesses and industries nationwide. Thirty-three (33) percent of companies that have basic protection for network and data breaches sought additional coverage at renewal during the last six months, and companies are increasingly purchasing stand-alone policies rather than relying on professional liability, crime, property and general liability policies for protection, according to respondents. Sixty-four (64) percent of brokers reported that their clients have stand-alone cyber policies.

“Just by shopping for cyber insurance coverage, businesses are educating themselves about their data, systems, processes, and security, which is a very good thing,” said Ken A. Crerar, president and CEO of The Council. “However, cyber insurance is only a financial solution for a breach event. The impact of data loss often goes well beyond just the financial implications, reaching deep into the breached organization, causing irreparable reputational damage, and that is a big challenge that confronts us.”

Currently, there are two segments of the stand-alone cyber insurance market: the first is a relatively mature primary sector for basic cyber liability and data breach products. The second is a developing segment characterized by more comprehensive specialty coverage solutions to address rapidly evolving, “out of the box” exposures. Brokers indicated they are not experiencing any capacity issues in the first, but see material capacity issues on the horizon for the latter, where the market is devoid of real-time data about cyber incident causes and effects and loss experience.

“As cyber threats move beyond just the theft of personal information, meaningful business interruption insurance is starting to become available,” said Crerar. “While the market has more loss data on cyber incidents, theft of intellectual property, physical damage and bodily injury are still not fully comprehended.”

Overall, brokers expect the developing cyber insurance market to remain favorable and to expand. The majority of survey participants indicated premium pricing is mostly flat right now outside of the health care and retail sectors which have seen some hardening in 2015.

Confusion about what is covered and what is excluded in a cyber policy continues to be the chief concern of brokers. Seventy-one (71) percent of brokers believe that there was little to no clarity about what is and what is not covered. Much responsibility lies with individual brokers and their ability to grasp exposures and coverage nuances and discuss those with individual clients whose interest levels vary greatly.